Spec URL: http://people.fedoraproject.org/~dwalsh/xguest/xguest.spec
SRPM URL: ttp://people.fedoraproject.org/~dwalsh/xguest/xguest-1.0.2-1.fc8.src.rpm
Description: xguest is a package that sets up a locked down user for use in
kiosk systems. The user will be controlled so that all they can use is Firefox
for reaching the internet.

Maybe I am just picky, but I am very much against creating files in %post. I
feel that %source1 sepermit.conf, with the appropriate content, copied in %post
to the right place would be cleaner and easier to manage/verify via rpm -qV

rpmlint -v ../SRPMS/xguest-1.0.5-2.fc8.src.rpm xguest.src: I: checking
rpmlint -v ../RPMS/noarch/xguest-1.0.5-2.fc9.noarch.rpm
xguest.noarch: I: checking
xguest.noarch: E: use-tmp-in-%post
xguest.noarch: E: use-of-home-in-%post
These two aren't actually a use of it but adding the namespace configuration to
namespace.conf. As soon as pam_namespace will support config files in
namespace.d this should be changed. Perhaps you should save a backup of the
existing namespace.conf so it will be possible to restore it after the future
change. Of course the backup should be owned by the package as %ghost.
xguest.noarch: E: preun-without-chkconfig /etc/rc.d/init.d/xguest
That's a real error and it should be fixed. chkconfig --del should be run for
xguest.
xguest.noarch: W: service-default-enabled /etc/rc.d/init.d/xguest
xguest.noarch: E: no-status-entry /etc/rc.d/init.d/xguest
xguest.noarch: W: no-reload-entry /etc/rc.d/init.d/xguest
I think these are OK. Status and reload entries do not make much sense as xguest
is not a daemon but script containing just some bind mounts. Whether it should
be enabled by default or not is debatable but as the %post script creates the
xguest user account I think that enabling the polyinstantiation to work for him
without further admins actions (except reboot or start of the script for the
first time) is fine.
xguest.noarch: W: uncompressed-zip /etc/desktop-profiles/xguest.zip
That's OK as it is only 177kB anyway.
Comment about the wording of Summary and Description:
It should be describing what the package does so IMO it should be more like:
Summary: Creates xguest user as a locked down user
%description
Installing this package sets up the xguest user to be used as a temporary
account to switch to or as a kiosk user account. The account is disabled unless
SELinux is in enforcing mode. The user is only allowed to log in via gdm.
The home and temporary directories of the user will be polyinstantiated and
mounted on tmpfs.
More notes:
The URL: http://people.fedoraproject.org/~dwalsh/xguest/%{name}-%{version}.tar.bz2
points to nonexistent file.
There is no %defattr(...) on the beginning of %files.

One more suggestion - when the namespace.conf file is modified I'd suggest to add
a comment line before and after the xguest configuration so it will be easy to
remove it as soon as the configuration is moved to an extra file in the future
namespace.d. And in the %preun you can already remove these lines between the
comment lines.